Ad Widget

Collapse

Cannot logout through JSON API

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Cannot logout through JSON API

    Hi,

    I'm using Zabbix 1.8.4, and I have an external application doing some requests through the JSON API. I'm trying to use user.logout to destroy the sessions I won't use any more, but since the docs are incomplete I can't find any reference of this operation, and there seems to be a bug in it.

    First, I tried this:

    Zabbix request:
    Code:
    {
      "id":0,
      "auth":"14e669ba7c278c44678cbcbcb97c442d",
      "jsonrpc":"2.0",
      "method":"user.logout",
      "params":["14e669ba7c278c44678cbcbcb97c442d"]
    }
    Zabbix response:
    Code:
    {
      "jsonrpc":"2.0",
      "error":{
        "code":-32400,
        "message":"System error.","data":"JSON-rpc error generation failed. No such error: "
      },
      "id":0
    }
    Investigating a bit, I figured out that api/classes/class.cuser.php was trying to run this query in the function logout:

    Code:
    SELECT s.*
      FROM sessions s
      WHERE s.sessionid=Array
        AND s.status=0
        AND ((s.userid  BETWEEN 000000000000000 AND 099999999999999))
    I guessed that the sessionid should not be passed inside an array, so I tried this:

    Zabbix request:
    Code:
    {
    "id":0,
      "auth":"14e669ba7c278c44678cbcbcb97c442d",
      "jsonrpc":"2.0",
      "method":"user.logout",
      "params":"14e669ba7c278c44678cbcbcb97c442d"
    }
    Zabbix response:
    Code:
    {
      "jsonrpc":"2.0",
      "error":{
        "code":-32602,
        "message":"Invalid params.","data":"JSON-rpc params is not an Array."},
      "id":0
    }
    As you can see, the API prevents me to run this request because 'params' is not an array, but cuser::logout expects the parameter to be a single string.

    Has anybody used user.logout sucessfully? Should I report this behaviour as a bug?

    #2
    We've discovered the same thing. We have just simply let the sessions die, or clean them up periodically from the db. We would like, however, a proper logout.

    Comment


      #3
      For your reference, I created the following ticket:

      https://support.zabbix.com/browse/ZBX-3907
      Last edited by jaragunde; 27-06-2011, 09:42. Reason: Wrong URL

      Comment


        #4
        Maybe set user auto-logout time-out in the profile of an API user, as a temporary solution?
        Regards,
        Sergey Syreskin

        Monitored hosts: 2646 / Active items: 23604 / Server performance: 765.74

        Temporary out of Zabbix business

        Comment


          #5
          Thanks for your suggestions. Currently I'm cleaning the DB periodically; I'm already accessing it to extract some history data, so that's not a big deal. But I think it's worth sharing this problem .

          Comment


            #6
            diff:
            *** class.cuser.php.old 2011-10-05 11:02:30.000000000 +0400
            --- class.cuser.php 2011-10-05 11:01:13.000000000 +0400
            ***************
            *** 1113,1118 ****
            --- 1113,1119 ----
            public static function logout($sessionid){
            global $ZBX_LOCALNODEID;

            + $sessionid = $sessionid['sessionid'];
            $sql = 'SELECT s.* '.
            ' FROM sessions s '.
            ' WHERE s.sessionid='.zbx_dbstr($sessionid).

            query (perl syntax): {... ,method => 'user.logout', params => { sessionid => 'asdgg..' }}

            Comment

            Announcement

            Collapse
            No announcement yet.
            Working...
            X